
Application Assessment

Purpose

This document describes how to set up an Application Assessment scan.

Introduction

The Application Assessment evaluates the security risks and vulnerabilities in an organization's software applications, and it is an important part of any vulnerability management program because vulnerabilities in applications can be exploited by attackers to gain unauthorized access to sensitive data or systems.

When an application is scanned at multiple stages of its Software Development Life Cycle, Application Assessments identify vulnerabilities and cover the security of the application throughout its lifecycle: design, development, testing, deployment, and maintenance.

The assessment also considers the application's dependencies, including third-party libraries and frameworks, as these can introduce additional security risks and vulnerabilities.

The results of the assessment can be used to drive remediation of the identified vulnerabilities in the organization. Remediation may include applying patches, making code changes, or adding security controls such as web application firewalls or intrusion detection systems.

It is strongly recommended that Application Assessments are executed regularly, as new vulnerabilities can be introduced when applications are updated or new features are added.

Setting up an Application Assessment

  1. Select Application assessment.

    [Screenshot: Application assessment scan configuration (Portal_scan_conf_app_assement_URL.png)]

  2. Fill in the targets.
    When adding more than one target, enter one target per line.
    Targets can be added in the following formats:

    • URL - https://example.com

    • IPv4 - 203.0.113.1

    • IPv4:port - 198.51.100.5:5291

    • IPv6 - [2001:db8:1:2:3:4:5:6]

    • IPv6:port - [2001:db8:2fa:bba:dd3:f3c:11:2b]:928

    • Hostname - cumulus

  3. After adding the targets, click the blue ADD button in the lower right corner.

URL entries that do not start with the https scheme are prefixed with https://.

The configuration name is built from the host, the optional port and the path, giving each added configuration a unique and readable name. URL fragments and query strings are not part of the configuration name.

Example inputs and generated configuration names:

  • https://example.com/ > example.com

  • https://example.com:8080/admin/login/ > example.com:8080/admin/login

  • https://example.com:8080/admin/#/login > example.com:8080/admin

  • https://example.com:8080/admin?relogin=true > example.com:8080/admin

  • http://192.0.2.99:8081 > 192.0.2.99:8081
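The naming and prefixing rules above, implemented as added example code (not Outpost24's own implementation). It assumes that an explicit http:// scheme is replaced by https://, which is what the last example implies, and that the square brackets of an IPv6 literal are kept as entered.

```python
from urllib.parse import urlsplit

# Example code written to illustrate the documented rules; it is not
# the portal's implementation. Assumption: an explicit http:// scheme
# is swapped for https:// (implied by the http://192.0.2.99:8081 example);
# every other entry without the https scheme is prefixed with https://.


def parse_targets(text: str) -> list[str]:
    """Split a multi-line target list into entries, one target per line."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def normalize_target(target: str) -> str:
    """Apply the https:// prefix rule to a single target entry."""
    lowered = target.lower()
    if lowered.startswith("https://"):
        return target
    if lowered.startswith("http://"):  # assumption: scheme is replaced
        return "https://" + target[len("http://"):]
    return "https://" + target  # URL without scheme, IP, [IPv6] or hostname


def config_name(target: str) -> str:
    """Derive the configuration name: host, optional port and path only."""
    parts = urlsplit(normalize_target(target))
    # netloc keeps "host:port" and the brackets of an IPv6 literal;
    # the query and fragment components are deliberately dropped and a
    # trailing slash on the path is removed.
    return parts.netloc + parts.path.rstrip("/")


if __name__ == "__main__":
    # Constructed sample input covering the target formats listed above.
    sample = """https://example.com/
https://example.com:8080/admin/login/
https://example.com:8080/admin/#/login
https://example.com:8080/admin?relogin=true
http://192.0.2.99:8081
[2001:db8:2fa:bba:dd3:f3c:11:2b]:928
cumulus
"""
    for entry in parse_targets(sample):
        print(f"{entry} > {config_name(entry)}")
```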

The Choose scanner (HIAB only) option is visible if at least one Appsec scanner is available.

  • The first scanner in the list is selected by default.

  • The selected scanner can be changed in the Edit view.

To add scans in HIAB Appsec, one of the regular HIAB scanners must be turned into an Appsec scanner.
See Setting up a HIAB as an Appsec Scale Scanner for more information.




Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.
